From 30197107105cec06d96a96a0a11322ee95d360de Mon Sep 17 00:00:00 2001
From: Bruno Windels <274386+bwindels@users.noreply.github.com>
Date: Fri, 7 Apr 2023 09:52:08 +0200
Subject: [PATCH] expose method on BlobHandle to create a handle without mimetype filtering
---
 src/platform/web/Platform.js | 3 ++-
 src/platform/web/dom/BlobHandle.js | 15 +++++----------
 src/platform/web/dom/ImageHandle.js | 3 ++-
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/src/platform/web/Platform.js b/src/platform/web/Platform.js
index be8c9970..50ec60a5 100644
--- a/src/platform/web/Platform.js
+++ b/src/platform/web/Platform.js
@@ -300,7 +300,8 @@ export class Platform {
 const file = input.files[0];
 this._container.removeChild(input);
 if (file) {
- resolve({name: file.name, blob: BlobHandle.fromBlob(file)});
+ // ok to not filter mimetypes as these are local files
+ resolve({name: file.name, blob: BlobHandle.fromBlobUnsafe(file)});
 } else {
 resolve();
 }
diff --git a/src/platform/web/dom/BlobHandle.js b/src/platform/web/dom/BlobHandle.js
index 932fa53c..2d5231e0 100644
--- a/src/platform/web/dom/BlobHandle.js
+++ b/src/platform/web/dom/BlobHandle.js
@@ -76,7 +76,7 @@ const DEFAULT_MIMETYPE = 'application/octet-stream';
 export class BlobHandle {
 /**
 * @internal
- * Don't use the constructor directly, instead use fromBuffer, fromBlob or fromBufferUnsafe
+ * Don't use the constructor directly, instead use fromBuffer or fromBlobUnsafe
 * */
 constructor(blob, buffer = null) {
 this._blob = blob;
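Review bot: In Platform.js the added comment justifies `fromBlobUnsafe(file)` with "these are local files", but a file picked from disk can still be reported by the browser as `text/html` or `image/svg+xml`, so the unfiltered type reaches whatever consumes the returned `blob`. Whether that is safe depends on how callers of this picker use the handle, which is not visible in this hunk; if a blob URL is ever created from it and navigated to or embedded, the content would run in the app's origin. I would state the invariant in the comment rather than the provenance, e.g. `// unsafe is ok only while callers read or upload the bytes and never navigate to or embed a url for this blob`. The enclosing method starts and ends outside the hunk.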
@@ -84,13 +84,6 @@ export class BlobHandle {
 this._url = null;
 }
 
- /** Does not filter out mimetypes that could execute embedded javascript.
- * It's up to the callee of this method to ensure that the blob won't be
- * rendered by the browser in a way that could allow cross-signing scripting. */
- static fromBufferUnsafe(buffer, mimetype) {
- return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
- }
-
 static fromBuffer(buffer, mimetype) {
 mimetype = mimetype ? mimetype.split(";")[0].trim() : '';
 if (!ALLOWED_BLOB_MIMETYPES[mimetype]) {
@@ -99,8 +92,10 @@ export class BlobHandle {
 return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
 }
 
- static fromBlob(blob) {
- // ok to not filter mimetypes as these are local files
+ /** Does not filter out mimetypes that could execute embedded javascript.
+ * It's up to the callee of this method to ensure that the blob won't be
+ * rendered by the browser in a way that could allow cross-signing scripting. */
+ static fromBlobUnsafe(blob) {
 return new BlobHandle(blob);
 }
 
diff --git a/src/platform/web/dom/ImageHandle.js b/src/platform/web/dom/ImageHandle.js
index 4ac3a6cd..19fd8c59 100644
--- a/src/platform/web/dom/ImageHandle.js
+++ b/src/platform/web/dom/ImageHandle.js
@@ -64,7 +64,8 @@ export class ImageHandle {
 } else {
 throw new Error("canvas can't be turned into blob");
 }
- const blob = BlobHandle.fromBlob(nativeBlob);
+ // unsafe is ok because it's a jpeg or png image
+ const blob = BlobHandle.fromBlobUnsafe(nativeBlob);
 return new ImageHandle(blob, scaledWidth, scaledHeight, null);
 }
 
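Review bot: The doc comment added on `fromBlobUnsafe` in BlobHandle.js carries over two wording errors that weaken a security warning: the responsibility lies with the caller, not the "callee", and the risk is cross-site scripting, not "cross-signing scripting". Suggested lines: `* It's up to the caller of this method to ensure that the blob won't be` and `* rendered by the browser in a way that could allow cross-site scripting. */`. Separately, `fromBlob` and `fromBufferUnsafe` are removed without an alias and this patch updates only two call sites, so any caller left elsewhere in the repository would fail at runtime; a repository-wide search for both names is worth doing before merge.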
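Review bot: In ImageHandle.js the comment "it's a jpeg or png image" is an assumption that nothing in the visible lines checks; `nativeBlob.type` is handed to `fromBlobUnsafe` as is. With the patch leaving no filtering way to wrap a Blob, a one-line guard before the call would enforce the claim instead of documenting it, e.g. `if (nativeBlob.type !== "image/jpeg" && nativeBlob.type !== "image/png") { throw new Error("unexpected canvas blob type"); }`. If the canvas can be asked for other raster types, the list would need to include them. The code producing `nativeBlob` is outside the hunk, so this is based on the comment's own wording.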